deep dive into PSD2

Is Open Banking All It Can Be?

PSD2's aim to usher in the era of open banking and the
sudden increase in the number of third party providers (TPP) bring great
opportunities for both fintechs and customers, lowering costs and increasing
competition.

the world of tpp

Who are these third-party providers? Well, there are the AISPs, or Account Information Service Providers, which aggregate online information from a customer's payment accounts so that they can offer them an overview of their daily finances. And there are the PISPs, or Payment Initiation Service
Providers, which provide online banking services and payments. TPPs can provide their services because PSD2 requires banks
to allow them access to their API, or Application Programming Interface, which
in turn allows TPPs to connect their own payment services to the banks' ones.

Thus, APIs are fueling a revolution in payments, but banks and fintechs can only reap the benefits of open banking if API integration is simple and the payment is easy to use. There are four factors that will determine its success: flexibility, security, fraud protection, and good documentation. APIs that provide customers with a smooth user experience will also be the most successful ones.

The key benefits of API are:

Security Comes First

Under PSD2, the customer gives a TPP consent to access their
payment account, which allows the TPP to make payments on their behalf. Of
course the TPP, the bank, and the account holder must have clear and secure
channels for both payments and communication.

The aforementioned security is expected to be strengthened via Strong Customer Authentication (SCA). The aim is to reduce the risk of online fraud and enhance customer data protection both during payments but also during account overviews the customer makes using a service provided by the TPP.

In practice, SCA requires the use of several independent
elements to approve a payment. These elements can be passwords or PINs, cards
or various biometrics like fingerprints or voice identification; and there is
also the unique authentication code that links the transaction to a specific
amount and a specific account.

SCA is expected to be applied to all payments unless they
are, for example, below a certain (usually very low) amount or the beneficiary
has already been identified.

However, there is the fact that large acquirers and merchants won't be happy with SCA's implementation because it's certain to lead to cart abandonment when customers are confronted with an authentication protocol that affects their desired frictionless payment experience.

Other
Changes

SCA is, of course, not the only change PSD2 brings. There is
the EPC SDDCore scheme rule that provides customers with an unconditional
right of refund for direct debits up to eight weeks after the payment is made,
and the regulation also places a ban on surcharges for most card payments.

In their search for improved customer experience, many
fintechs are also turning to alternative payment methods in order to draw in
new customers. While any fintech worth their salt will be offering mobile
wallets, payment via mobile phone is already an expected feature and there is a
growing interest in payments via wearables such as fitness trackers.

Outside the EU: To
PSD2 or Not to PSD2?

What about transactions that involve at least one party not
located in the EU, do they also fall under PSD2's scope? The answer is yes, and
it is PSD2's aim to provide customers with better information and protect the
EU-based part of the transaction.

As expected, tech giants are throwing their hats in the ring.
Facebook has obtained e-money licenses and payment processing authorizations
for Ireland, while Amazon did the same for Luxembourg. And there is Google as
well, who has entered Lithuania's financial market and is also competing with
Facebook in Ireland.

Florence Diss, Google’s Head of Commerce Partnerships in Europe,
said that Google was more focused on working with, rather than competing
against, banks to explore opportunities from PSD2. She also said that Google's banking partners want to have the best customer relationships and so they’re all about promoting the integration of Google's solutions with their banking partners' ones.

Source: Berlingske

Of note is the peculiar asymmetry of PSD2 implementation
where Google can request and will receive bank customer data, but the tech
giant is at the same time not obligated to share its user data with the banks.
While it's obvious Google is not keen on attracting unnecessary attention from
data protection watchdogs and regulators, it is also clear that its very large
user base provides it with much more clout than most other companies have in
Europe.

The PSD2 Whirlwind in
the Payments Industry

Open banking has motivated
banks and PSPs to consolidate, with the acquisition of Citrus Pay by PayU being
just one of recent examples.

There is also the example of multiple European banks, from
the German Neobank N26 to the French Groupe BPCE partnering with TransferWise,
a UK-based money transfer service.

TransferWise's forte is international
payments and its API makes its simple and efficient services available to all
its partner banks. Fintechs are looking towards improved cross-border payments, with Ripple, BTL and Wyre using distributed ledger technology.

The ledger technology is truly the backbone of a new infrastructure that should facilitate an easier and smoother experience. PSPs and banks are also increasing their offers of contactless transactions via
mobile and wearable devices. The trend of contactless payments has been
steadily rising for years - 2.86 billion transactions in UK alone reported in
2016 - and is expected to reach $95 billion annually.

podcast: deep dive into PSD2

Find out what our Compliance Expert, Dalibor Jokić, has to say about Open Banking, the rise of fintechs, e-money and more in the new episode of InPayments Podcast.